\begin{abstract}

Model Driven Engineering (MDE) is currently one of the most promising approaches to secure IT systems and infrastructures and provides many advantages over traditional code-based approaches. In this paper, we introduce an MDE-based approach to generate security infrastructures for target applications based on a Domain Specific security modeling Language. Our security model covers both obligations and authorizations (access control) and therefore it supports the modeling of practical requirements found in internal and regulatory mandates. The salient features of our work are: 1) it enables security policy update at runtime, 2) makes explicit the relationships between the system and policy models, and 3) offers means to monitor security policy violations and to specify how the policy should be updated accordingly.

\keywords{Security Policies, MDE, Security@runtime}
\end{abstract}
